ConfigMgr OS Deployment – WDS and DHCP on same server Issue/Resolution

Recently I set up a Windows 2008 server with ConfigMgr 2007 SP1 (aka SCCM 2007) & wanted to do OS deployment.  I ran into some issues because this server was also a DHCP server, this post will address the high level steps I took to get this working.

 

  1. Installed WDS via the Add Roles Wizard
    • image
  2. Added the PXE service point role via ConfigMgr Admin Console
    • image
  3. Now all should be good right?  Nope, the WDS service would not start.  After some research I found the issue to be that WDS & DHCP both use port 67 by default.
    • To get around this the following registry change needs to be made (UseDHCPPorts = 0)
      • image
  4. I then removed and reinstalled the PXE service point and thought all was well – even the pxecontrol.log looked good (see below)
  5. Monitored PXEControl.log to ensure PXE was responding to tests
    • image
  6. So I tried to PXE boot a system and still no luck.  More research showed that I needed to accomplish two more steps
    • Initialize the WDSServer (wdsutil /initialize-server /reminst:G:\RemoteInstall) – NOTE: Adjust the G:\remoteinstall location to reality in your environment
      • image
    • Next you need to run the following command for the registry change made in step 3 to take affect
    • image
  7. The next test worked like a charm
    • image
    • image
    • image  
Advertisements

How SMS & ConfigMgr Asset Intelligence Data is Collected on the Client

Great post on the technet forums detailing how this is done:

 http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=3008301&SiteID=17

SCCM 2007 and MOF Files

Configuration Manager Documentation Library Update

http://www.microsoft.com/downloads/details.aspx?FamilyID=81997356-7f18-48b2-a53a-d6f995a47f35&DisplayLang=en 

The Configuration Manager Documentation Library has been updated. The Documentation Library is the primary documentation for Configuration Manager 2007. The November update contains new material and fixes to documentation problems reported after Configuration Manager 2007 was released. Refer to “What’s New in the Configuration Manager Documentation Library for November 2007” for a list of topics that are new or updated in this version. The updated smsv4.chm will have a date of 11/06/2007 and will overwrite the existing smsv4.chm in %systemroot%\help. This information is also available online in the TechCenter Library http://technet.microsoft.com/en-us/library/bb680651.aspx.
Feature Bullet Summary:

The Documentation Library includes the following types of information:

• Setup and upgrade instructions.
• Information about new features and backwards compatibility.
• Conceptual descriptions about the technologies and features in Configuration Manager 2007.
• Procedural topics describing how to use the various features in Configuration Manager 2007
• Step-by-step topics to guide you through sample deployments
• Scenario topics to provide examples of how the technology might be used
• Security and privacy information about the features
• Troubleshooting information

System Center Configuration Manager 2007 Configuration Pack Catalog

Get all your configuration packs here:

https://www.microsoft.com/technet/prodtechnol/scp/configmgr07.aspx 

 

System Center Configuration Manager 2007
Configuration Pack Catalog

Desired Configuration Management (DCM) is a feature in System Center Configuration Manager. With DCM, utilize Microsoft and third party best practice configuration knowledge to improve configuration definition and maintenance. Find the software you need to define configurations for your Microsoft and third party applications with Configuration Manager 2007.

System Center Configuration Manager 2007 Toolkit Released

The ConfigMgr 2007 Toolkit contains 7 downloadable tools to help you manage and troubleshoot ConfigMgr 2007.

The following list provides specific information about each tool in the toolkit.

      Client Spy – A tool to help troubleshoot issues related to software distribution, inventory, and software metering on Configuration Manager 2007 clients.
      Policy Spy – A policy viewer to help review and troubleshoot the policy system on Configuration Manager 2007 clients.
      Trace32 – A log viewer that provides a way to easily view and monitor log files created and updated by Configuration Manager 2007 clients and servers.
      Security Configuration Wizard Template for Configuration Manager 2007 – An attack-surface reduction tool for the Microsoft Windows Server 2003 operating system with Service Pack 1 and Service Pack 2 (SP1 and SP2) that determines the minimum functionality required for a server’s role or roles, and disables functionality that is not required.
      DCM Model Verification – A tool used by desired configuration management content administrators for the validation and testing of configuration items and baselines authored externally from the Configuration Manager console.
      DCM Digest Conversion – A tool used by desired configuration management content administrators to convert existing SMS 2003 Desired Configuration Management Solution templates to Desired Configuration Management 2007 configuration items.
      DCM Substitution Variables – A tool used by desired configuration management content administrators for authoring desired configuration management configuration items that use chained setting and object discovery.

SCCM Mobile Device Management Step-By-Step

I recently went through the process of building a System Center Configuration Manager (SCCM) 2007 environment for mobile device management.  Below are some very high level steps of the process.  This is not meant to be all inclusive – just points out some of the issues I ran into.

High Level Steps:

1. Install Microsoft Certificate Authority on Domain – nothing special here (next, next, next)

a. IMPT:  You must enable the client authentication template certificate on the CA (not enabled by default)

2. Generate Site Server Signing certificate according to http://technet.microsoft.com/en-us/library/bb694035.aspx

3. Create Group Policy to allow for automatic certificate enrollment for client systems (this will only help SCCM computers act as clients – not devices – http://technet.microsoft.com/en-us/library/bb694035.aspx

4. Install SCCM 2007 in Native Mode using the Site server signing certificate created in Step 2

5. Enable pertinent features in SCCM

 1. Enable Mobile Device Client Agent

 2. Enable Device Management Point

 3. Enable Distribution Point

 4. Enable Management Point

      – Allow devices to use this Management Point

6. Generate & Install Web server cert on Public Facing MP/DP http://technet.microsoft.com/en-us/library/bb694035.aspx

a. IMPT – The subject name of this cert MUST MATCH the external DNS domain your internet connected devices will use to connect to the MP/DP.  If this does not match your clients will not work.

 

7. Prepare installation files for mobile device client installations

a. Edit customsettings.ini to match your environment

b. Copy appropriate files for your mobile device to the install directory

IMPT:

You must place the following certificates in the client install folder for the mobile client:

1. SCCM Site Server Signing Cert

2. SCCM Web Server Cert

3. Trusted Root Cert for your CA

4. Any Intermediate Certs (If they exist in your environment)

EXAMPLE INSTALL FOLDER FOR MOBILE 5 SMARTPHONE:

8. Copy install files to device via SD card or ActiveSync

a. Execute dminstaller_*.exe

NOTE:

During the install the mobile device needs to contact the CA to get a unique ClientAuth certificate.  Your device must have connectivity to the CA server during the install or it will fail with no visible errors (other than the log files in \Temp)

9. Install Logs are created in the /Temp directory of the client

10. A successful installation will create an icon under settings called device management

11. When your device gets and SMSID you can rest assured it is install and working

12. There are key logs on the SCCM server that you can use for troubleshooting:

Important Side Notes:

· The proxy server on Cingular devices must be disabled for the device to successfully communicate with the SCCM DMP/DP.  This seems to be hit & miss I’ve seen it work on some devices without disabling.

· Network Access (Intranet or Internet) to the CA must be available at the time of the Mobile Device Client installation – the device needs to get a client authentication certificate from the Certificate Authority during the install process.  If network access to the CA is not available during the install it will fail

Windows Mobile Device Emulator:

A great tool for testing this is the Windows Mobile Device Emulator. This is available as a standalone download here.  If you have Visual Studio 2005 installed it should be already available under Tools -> Device Emulator Manager, you will to download emulator images though.  You can get some Windows Mobile 6 emulator images from the Windows Mobile SDK.

Windows Mobile Device Emulator

 Device Management Client:

Here is a screenshot of the Device Management client on a Windows Mobile 6 device.

Device Management Client